Home > Security > What's Miname?

What's Miname?

Hmmm. That’s interesting.

Soooo, that totally wasn’t supposed to happen — the code’s all coming out
in a couple weeks, and it was going to be this really cool event with papers and implementations and all that. What do we have now? Freaking Powerpoint. Joy!

For those wondering what I’m working on, here’s my LayerOne slides on what’s sort of a new topic for me: DNS. (PDF version here!) Here’s the summary for Defcon (maybe Blackhat too, we’ll see?):

Continuing the research done in previous years on advanced protocol manipulation and the high speed evaluation of large network characteristics, this year’s Black Ops of TCP/IP goes into new territory with a deep analysis of the Domain Name System. A core element of the TCP/IP application suite, it is everywhere — and there is unexpected power contained within.

* Interesting Facets of the Global DNS Architecture: A high speed scanner for DNS servers, modeled after my TCP scanner “scanrand”, recently executed several Internet-scale sweeps of the net. Surprising results, with direct implications for computer forensics operations, will be discussed and analyzed.

* Distributed, High Speed, Large File Dissemination via DNS, A.K.A. “Reinventing the Square Wheel.” Although there have been previous attempts to serve files over the DNS architecture, none have been even remotely usable. I will discuss a new approach that, through its significant performance improvement, is indeed remotely usable.

* One-To-Many Streaming Data Dissemination over DNS: The previous system maximizes speed at the expense of making streaming impossible. We will discuss an interesting alternate approach that almost usefully distributes streaming audio data to endpoints via their DNS queries.

* SSH over DNS: I will demonstrate a cross-platform, userspace mechanism for moving SSH data over DNS queries. This has implications for captive wireless portals, which often allow bidirectional DNS traffic.

To complete this work, some enormously complex data needed to be understood, and tools were worked with and written towards that end. Experimental 3D information visualization mechanisms and tools are thus available to be demonstrated, extending from using a 3D renderer usually used for MRI medical data as a generic static 3D canvas to using a custom OpenGL particle plotter to dynamically plot multidimensional factors of incoming data streams. A number of other topics will be raised as well, including:

* Uses and abuses of remotely visible incrementers and decrementers (such as the IPID field in many TCP/IP stacks, and initial TTL values on arbitrary DNS queries)

* Uses of generic packet race conditions, whereby useful information can be gleaned from which packet of a relatively large set effects the state change

* Protocol transliteration between TCP and UDP, allowing unreliable communication over what appears to be a TCP session, and allowing reliable data to be transmitted, with zero data expansion, over a UDP link.

* Potential solutions to the SSH bastion host security problem, whereby the invocation of remote ssh binaries at a firewall or “bastion host” opens up a single point of major failure for a server infrastructure.

OK, maybe I’m working on one or two things besides DNS. But, to be clear: DNS games aren’t anything new, I’m just throwing my hat into the ring regarding more advanced iterations (faster, larger scale) of what’s essentially
vulnerabilities in the core design of a central Internet protocol.

More later.

Categories: Security
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: